Overview

overview

10

Static

static

1

update.js

windows10-1703-x64

10

update.js

windows10-2004-x64

10

update.js

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    update.js

  • Size

    223KB

  • Sample

    240301-yvw7jsce6x

  • MD5

    c55219a14b92acc6c766797f0018bdc8

  • SHA1

    23af1095d89a469d63a65ecc9747b7bd22eb275a

  • SHA256

    7fb1dd26be3d45f206ab802749b11463ba79e2aee8d5d9a028e81dfb0d53f0df

  • SHA512

    03690cf44933c53b18e106362d4e4927be3462266c6cdf8cb81fbf79c7676a0e9259ea4c4fdc6d070d41fdf8cd7a70e6ecec5483352632030f1929a196180819

  • SSDEEP

    6144:GVfTMYcAQY6//7tSoXlVoYPg5VfTMYcAQY6//7tSoXlVoYPgq:V77tS0VoYPgs77tS0VoYPgq

Score
10/10
netsupportpersistencerat

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://aljannatquranteach.com/data.php?5210
exe.dropper

https://aljannatquranteach.com/data.php?5210

Targets

    • Target

      update.js

    • Size

      223KB

    • MD5

      c55219a14b92acc6c766797f0018bdc8

    • SHA1

      23af1095d89a469d63a65ecc9747b7bd22eb275a

    • SHA256

      7fb1dd26be3d45f206ab802749b11463ba79e2aee8d5d9a028e81dfb0d53f0df

    • SHA512

      03690cf44933c53b18e106362d4e4927be3462266c6cdf8cb81fbf79c7676a0e9259ea4c4fdc6d070d41fdf8cd7a70e6ecec5483352632030f1929a196180819

    • SSDEEP

      6144:GVfTMYcAQY6//7tSoXlVoYPg5VfTMYcAQY6//7tSoXlVoYPgq:V77tS0VoYPgs77tS0VoYPgq

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks